marvell 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
過去の問題は主に パス処理の欠陥 and vendor risk memory corruption などに関し、一部は ファイル上書き を招き、vendor surface software deployment and vendor surface production workloads 関連の場面に影響します。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2025-8426 | Marvell QConvergeConsole compressConfigFiles Directory Traversal Information Disclosure and Denial-of-Service Vulnerability. This vulnerability allows remote attackers to disclose sensitive information or to create a denial-of-service condition on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the compressConfigFiles method. The issue results from the lack of proper validatio | [email protected] | 9.4 | 21.76% | 2025-07-31 | 2025-08-06 |
| CVE-2025-6807 | Marvell QConvergeConsole getDriverTmpPath Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the getDriverTmpPath method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An atta | [email protected] | 7.5 | 2.23% | 2025-07-07 | 2025-07-14 |
| CVE-2025-6806 | Marvell QConvergeConsole decryptFile Directory Traversal Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the decryptFile method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage th | [email protected] | 7.5 | 3.09% | 2025-07-07 | 2025-07-14 |
| CVE-2025-6805 | Marvell QConvergeConsole deleteEventLogFile Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the deleteEventLogFile method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacke | [email protected] | 9.1 | 20.60% | 2025-07-07 | 2025-07-14 |
| CVE-2025-6804 | Marvell QConvergeConsole compressFirmwareDumpFiles Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the compressFirmwareDumpFiles method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file o | [email protected] | 7.5 | 20.23% | 2025-07-07 | 2025-07-14 |
| CVE-2025-6803 | Marvell QConvergeConsole compressDriverFiles Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the compressDriverFiles method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. A | [email protected] | 7.5 | 20.23% | 2025-07-07 | 2025-07-14 |
| CVE-2025-6802 | Marvell QConvergeConsole getFileFromURL Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the getFileFromURL method. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An atta | [email protected] | 9.8 | 7.70% | 2025-07-07 | 2025-07-14 |
| CVE-2025-6801 | Marvell QConvergeConsole saveNICParamsToFile Directory Traversal Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the saveNICParamsToFile method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker | [email protected] | 7.5 | 3.09% | 2025-07-07 | 2025-07-14 |
| CVE-2025-6800 | Marvell QConvergeConsole restoreESwitchConfig Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the restoreESwitchConfig method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. | [email protected] | 7.5 | 20.23% | 2025-07-07 | 2025-07-14 |
| CVE-2025-6799 | Marvell QConvergeConsole getFileUploadBytes Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the getFileUploadBytes method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An | [email protected] | 7.5 | 20.23% | 2025-07-07 | 2025-07-14 |
| CVE-2025-6798 | Marvell QConvergeConsole deleteAppFile Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the deleteAppFile method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leve | [email protected] | 9.1 | 20.60% | 2025-07-07 | 2025-07-14 |
| CVE-2025-6797 | Marvell QConvergeConsole getFileUploadBytes Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the getFileUploadBytes method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An | [email protected] | 7.5 | 20.23% | 2025-07-07 | 2025-07-14 |
| CVE-2025-6796 | Marvell QConvergeConsole getAppFileBytes Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the getAppFileBytes method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attack | [email protected] | 7.5 | 20.23% | 2025-07-07 | 2025-07-14 |
| CVE-2025-6795 | Marvell QConvergeConsole getFileUploadSize Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the getFileUploadSize method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An at | [email protected] | 7.5 | 2.23% | 2025-07-07 | 2025-07-14 |
| CVE-2025-6794 | Marvell QConvergeConsole saveAsText Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the saveAsText method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage thi | [email protected] | 9.8 | 21.04% | 2025-07-07 | 2025-07-14 |
| CVE-2025-6793 | Marvell QConvergeConsole QLogicDownloadImpl Directory Traversal Arbitrary File Deletion and Information Disclosure Vulnerability. This vulnerability allows remote attackers to delete arbitrary files and disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the QLogicDownloadImpl class. The issue results from the lack of proper validation of a user-supplied path prior to | [email protected] | 9.4 | 87.78% | 2025-07-07 | 2025-07-14 |
| CVE-2020-5805 | In Marvell QConvergeConsole GUI <= 5.5.0.74, credentials are stored in cleartext in tomcat-users.xml. OS-level users on the QCC host who are not authorized to use QCC may use the plaintext credentials to login to QCC. | [email protected] | 8.8 | 0.17% | 2021-01-08 | 2024-11-21 |
| CVE-2020-5804 | Marvell QConvergeConsole GUI <= 5.5.0.74 is affected by a path traversal vulnerability. The deleteEventLogFile method of the GWTTestServiceImpl class lacks proper validation of a user-supplied path prior to using it in file deletion operations. An authenticated, remote attacker can leverage this vulnerability to delete arbitrary remote files as SYSTEM or root. | [email protected] | 8.1 | 0.89% | 2021-01-08 | 2024-11-21 |
| CVE-2020-5803 | Relative Path Traversal in Marvell QConvergeConsole GUI 5.5.0.74 allows a remote, authenticated attacker to delete arbitrary files on disk as SYSTEM or root. | [email protected] | 8.1 | 0.84% | 2020-12-18 | 2024-11-21 |
| CVE-2020-17389 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the decryptFile method of the GWTTestServiceImpl class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerabilit | [email protected] | 8.8 | 9.84% | 2020-08-25 | 2024-11-21 |